CN110266674A - Intranet access method and related apparatus - Google Patents
- Publication number: CN110266674A (CN201910503580.9A)
- Authority: CN (China)
- Prior art keywords: intranet, mobile wireless, firewall, wireless access, equipment
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/141: Setup of application sessions
Abstract
Embodiments of the present invention are applicable to access control for security protection and disclose an intranet access method and related apparatus. The method includes: an intranet firewall distribution device receives an intranet connection request sent by a mobile wireless access device, the intranet connection request carrying positioning reference information of the mobile wireless access device; the intranet firewall distribution device determines the resident geographic area in which the mobile wireless access device is located; the intranet firewall distribution device determines a first intranet firewall as the intranet firewall matched to the mobile wireless access device; and the intranet firewall distribution device sends a first IP address of the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall, it provides the user terminal with the service of accessing the target intranet. The invention can improve the efficiency of access to the target intranet while improving the security of target intranet resources.
Description
Technical field
This application relates to the field of communications, and in particular to an intranet access method and related apparatus.
Background
With the integration of the global economy, more and more enterprises conduct business all over the world, which requires their employees to be dispatched to work in many different places. In some office scenarios, employees working away from the company need to access resources on the company's intranet servers, for example to browse corporate intranet web pages or to read files stored in shared folders on an intranet file server. Traditionally this is done through a VPN (Virtual Private Network): a VPN server is set up in the company intranet, the remote employee connects to the internet locally with a mobile phone, computer or similar device, connects over the internet to the VPN server of the corporate intranet, and then accesses the corporate intranet through the VPN server. On the one hand, when an employee connects to the intranet from a terminal such as a computer, the parameters for connecting to the corporate intranet VPN must be configured in advance, such as the address of the intranet VPN server and the user's login name and password, and the connection must then be dialled. The user has to perform many operations and wait a long time, which reduces connection efficiency. On the other hand, with this approach an employee can access the corporate intranet from anywhere, which poses a certain threat to the security of corporate intranet resources.
Summary of the invention
This application provides an intranet access method and related devices that can improve the efficiency with which a user accesses a target intranet while improving the security of target intranet resources.
A first aspect of the embodiments of the present invention provides an intranet access method, comprising:
An intranet firewall distribution device receives an intranet connection request for a target intranet sent by a mobile wireless access device, the intranet connection request carrying positioning reference information of the mobile wireless access device;
The intranet firewall distribution device determines, according to the positioning reference information, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located;
The intranet firewall distribution device determines, according to a preset correspondence between the resident geographic area and a first intranet firewall, the first intranet firewall as the intranet firewall matched to the mobile wireless access device, where the first intranet firewall is one of multiple intranet firewalls deployed for the target intranet;
The intranet firewall distribution device sends a first IP address of the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address, the first intranet firewall routes an intranet access request for the target intranet, sent by a user terminal through the mobile wireless access device, to an intranet server of the target intranet, and the first intranet firewall sends the intranet request response, returned by the intranet server in response to the intranet access request, to the user terminal through the mobile wireless access device.
With reference to the first aspect, in a first possible implementation, the method further comprises:
The intranet firewall distribution device obtains the resident geographic area of the mobile wireless access device;
The intranet firewall distribution device determines, from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall corresponding to the resident geographic area, and establishes the correspondence between the resident geographic area and the first intranet firewall. The first intranet firewall is, for the case where the mobile wireless access device is in the resident geographic area, the intranet firewall nearest to the mobile wireless access device among the multiple intranet firewalls deployed for the target intranet, or, for the same case, the intranet firewall with the smallest network delay to the mobile wireless access device among the multiple intranet firewalls deployed for the target intranet.
With reference to the first aspect, in a second possible implementation, the method further comprises:
The intranet firewall distribution device periodically obtains the real-time geographic location of the mobile wireless access device;
When the intranet firewall distribution device determines, according to the real-time geographic location of the mobile wireless access device, that the mobile wireless access device has moved outside the resident geographic area, it sends the first intranet firewall a disconnect instruction for the mobile wireless access device, so that the first intranet firewall disconnects from the mobile wireless access device according to the disconnect instruction.
With reference to the first aspect, in a third possible implementation, before the intranet firewall distribution device sends the first IP address of the first intranet firewall to the mobile wireless access device, the method further comprises:
The intranet firewall distribution device obtains device identity information of the mobile wireless access device and/or terminal identity information of the user terminal connected to the mobile wireless access device;
The intranet firewall distribution device sending the first IP address of the first intranet firewall to the mobile wireless access device comprises:
After the identity authentication of the mobile wireless access device performed according to the device identity information passes, and/or after the identity authentication of the user terminal connected to the mobile wireless access device performed according to the terminal identity information passes, the intranet firewall distribution device sends the first IP address of the first intranet firewall to the mobile wireless access device.
With reference to the first aspect, in a fourth possible implementation, the mobile wireless access device has multiple resident geographic areas;
The method further comprises:
The intranet firewall distribution device periodically obtains the real-time geographic location of the mobile wireless access device;
When the intranet firewall distribution device determines, according to the real-time geographic location, that the mobile wireless access device has switched between its multiple resident geographic areas, it determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, that is matched to the mobile wireless access device after it switches resident geographic area;
When the intranet firewall distribution device determines that the first intranet firewall and the second intranet firewall are not the same, it sends a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall.
A second aspect of the embodiments of the present invention provides an intranet access method, the method comprising:
A mobile wireless access device sends an intranet connection request for a target intranet to an intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device contained in the intranet connection request, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located, and the intranet firewall distribution device determines, according to a preset correspondence between the resident geographic area of the mobile wireless access device and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, that is matched to the mobile wireless access device;
The mobile wireless access device receives the first IP address of the first intranet firewall sent by the intranet firewall distribution device and, according to the first IP address, sends a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the first firewall connection request;
After receiving an intranet access request for the target intranet sent by a user terminal, the mobile wireless access device routes the intranet access request to an intranet server of the target intranet through the first intranet firewall;
After receiving the intranet request response that the intranet server returns through the first intranet firewall in response to the intranet access request, the mobile wireless access device sends the intranet request response to the user terminal.
With reference to the second aspect, in a first possible implementation, the mobile wireless access device has multiple resident geographic areas;
The method further comprises:
The mobile wireless access device obtains its real-time geographic location;
When the mobile wireless access device determines, according to the real-time geographic location, that it has switched between its multiple resident geographic areas, it sends the intranet firewall distribution device a firewall switching request carrying the real-time geographic location, so that the intranet firewall distribution device, after successfully verifying the real-time geographic location of the mobile wireless access device, determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, that is matched to the mobile wireless access device after it switches resident geographic area; when the intranet firewall distribution device further determines that the first intranet firewall and the second intranet firewall are not the same, it sends a second IP address of the second intranet firewall to the mobile wireless access device;
The mobile wireless access device sends a second firewall connection request to the second intranet firewall according to the second IP address, so that the second intranet firewall establishes a connection with the mobile wireless access device according to the second firewall connection request;
The mobile wireless access device disconnects from the first intranet firewall.
A third aspect of the embodiments of the present invention provides a mobile wireless access device, comprising:
A request sending unit, configured to send an intranet connection request for a target intranet to an intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device contained in the intranet connection request, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located, and the intranet firewall distribution device further determines, according to a preset correspondence between the resident geographic area of the mobile wireless access device and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, that is matched to the mobile wireless access device;
A connection establishing unit, configured to receive the first IP address of the first intranet firewall sent by the intranet firewall distribution device and, according to the first IP address, send a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the first firewall connection request;
A message transmission unit, configured to, after receiving an intranet access request for the target intranet sent by a user terminal, route the intranet access request to an intranet server of the target intranet through the first intranet firewall;
The message transmission unit is further configured to, after receiving the intranet request response that the intranet server returns through the first intranet firewall in response to the intranet access request, send the intranet request response to the user terminal.
In a fourth aspect, the present invention provides a mobile wireless access device comprising a processor, a memory and a communication interface that are connected to one another, where the communication interface is used to send and receive data, the memory is used to store program code, and the processor is used to call the program code; when the program code is executed by a computer, it causes the computer to perform any one of the methods of the second aspect and of each possible implementation of the second aspect.
In a fifth aspect, the present invention provides a computer storage medium storing a computer program, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform any one of the methods of the first aspect and each possible implementation of the first aspect, and of the second aspect and each possible implementation of the second aspect.
In the embodiments of the present invention, when the intranet firewall distribution device receives an intranet connection request for the target intranet from a mobile wireless access device, it determines, according to the positioning reference information carried in the request, the resident geographic area in which the mobile wireless access device is located, and, according to the preset correspondence between the resident geographic area and the first intranet firewall, allocates the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall, it provides the user terminal connected to it with the service of accessing the intranet servers in the target intranet. With this embodiment, the user does not need to configure any parameters before accessing the target intranet, which improves access efficiency for the target intranet. At the same time, the intranet firewall distribution device recommends an intranet firewall of the target intranet for the mobile wireless access device to connect to only when it determines that the device is within a resident geographic area preset for that device; if the device is not in a resident geographic area, its connection to the target intranet can be restricted according to geographic location, which improves the security of target intranet resources.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a framework diagram of an intranet access system provided by an embodiment of the present invention;
Fig. 2 is a system interaction diagram of an intranet access method provided by an embodiment of the present invention;
Fig. 3 is a system interaction diagram of another intranet access method provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a mobile wireless access device provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of another mobile wireless access device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a framework diagram of an intranet access system provided by an embodiment of the present invention. As shown in the figure, in this intranet access system framework, intranet firewall 1, intranet firewall 2 and intranet firewall 3 are three intranet firewalls deployed for the target intranet; mobile wireless access device 1 and mobile wireless access device 2 are each connected to intranet firewall 1; mobile wireless access device 3 is connected to intranet firewall 3; user terminal 1 is connected to mobile wireless access device 2; and user terminal 2 is connected to mobile wireless access device.
Here, the target intranet is a local communication network that interconnects the computers, servers, databases and so on within a local geographic range such as a specific enterprise, a specific organization or a specific school. When a terminal or server in the target intranet communicates with another terminal or server in the target intranet, the communication takes place at the data link layer and the messages do not need to be routed by a router. When it communicates with a terminal or server outside the target intranet, the communication takes place at the network layer: messages sent by the terminal or server in the target intranet must undergo network address translation at the router before being routed to the terminal or server outside the target intranet, and messages returned by the terminal or server outside the target intranet must undergo network address translation at the router before being routed to the terminal or server in the target intranet.
Here, the intranet firewalls deployed for the target intranet may be firewalls deployed around the world that filter the data packets entering and leaving the target intranet. An intranet firewall is connected to the router of the target intranet over a wide area network, and through that router it reaches the intranet servers of the target intranet.
Here, the mobile wireless access device is a movable wireless access device that can emit a wireless network signal and has a routing function. The mobile wireless access device can access a data network through an inserted SIM (Subscriber Identification Module) card, can access a wired network through a plugged-in cable, and can access a wireless network by connecting to WIFI. A user terminal connects to the mobile wireless access device by joining the wireless network that the device emits.
Here, the intranet firewall distribution device may be a device that has a domain name resolution function for the target intranet and stores the IP address and deployment location of each firewall deployed for the target intranet, such as a GTM (Global Traffic Manager) device.
Here, the user terminal may be a terminal device capable of receiving a wireless network, including a laptop, a mobile phone, a tablet computer and the like.
Referring to Fig. 2, Fig. 2 is a system interaction diagram of an intranet access method provided by an embodiment of the present invention. As shown in the figure, the method may include:
S201: The mobile wireless access device sends an intranet connection request for the target intranet to the intranet firewall distribution device.
Specifically, the mobile wireless access device may send the intranet connection request to the intranet firewall distribution device as soon as it is started; or after it receives a user's instruction to enable the function of accessing the target intranet; or when it receives an intranet access request for the target intranet from a connected user terminal. The intranet connection request may carry the intranet domain name of the target intranet, so that the intranet firewall distribution device, after resolving the intranet domain name, determines that the request is an intranet connection request for the target intranet.
Here, the intranet connection request carries positioning reference information of the mobile wireless access device. The positioning reference information may be the IP address of the mobile wireless access device, GPS data, WIFI access point information, connected base station information, and so on.
S202: The intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device carried in the intranet connection request, the resident geographic area in which the mobile wireless access device is located.
Here, different mobile wireless access devices have different corresponding resident geographic areas; the resident geographic area described here is the resident geographic area for this mobile wireless access device. A mobile wireless access device may have multiple resident geographic areas, and the intranet firewall distribution device can determine, according to the positioning reference information of the mobile wireless access device, which resident geographic area the device is in.
Specifically, the intranet firewall distribution device determines the geographic location of the mobile wireless access device according to the positioning reference information, and then determines from that geographic location the resident geographic area in which the device is located. For example, if the positioning reference information is the IP address of the mobile wireless access device, the intranet firewall distribution device can determine the geographic location of the device from the IP address using IP geolocation; if the positioning reference information is the connected base station information of the mobile wireless access device, the intranet firewall can determine the geographic location of the device from the connected base station information using base station positioning. The resident geographic area in which the mobile wireless access device is located is then determined from the geographic location.
S203: The intranet firewall distribution device determines, according to the preset correspondence between the resident geographic area and the first intranet firewall, the first intranet firewall as the intranet firewall matched to the mobile wireless access device.
Specifically, before step S203 the intranet firewall distribution device obtains the resident geographic area of the mobile wireless access device. For example, to guarantee the security of the target intranet, the resident geographic area may be a secure access area specifically permitted for the mobile wireless access device, entered by an administrator of the mobile wireless access device and received by the intranet firewall distribution device; anything outside the resident geographic area is an insecure access area. As another example, the resident geographic area may be obtained by the intranet firewall distribution device from statistics on the historical access locations of the mobile wireless access device, or it may be computed by the mobile wireless access device from statistics on its own historical access locations and then sent to the intranet firewall distribution device.
After the Intranet firewall distributing equipment obtains the resident geographic area of the mobile wireless access equipment, it determines, from the multiple Intranet firewalls deployed for the target Intranet, the first Intranet firewall corresponding to the resident geographic area, and establishes the corresponding relationship between the resident geographic area and the first Intranet firewall. In one optional implementation, the Intranet firewall distributing equipment uses the resident geographic area and the deployment position of each Intranet firewall deployed for the target Intranet to select, as the first Intranet firewall, the Intranet firewall that is nearest to the mobile wireless access equipment when the mobile wireless access equipment is in the resident geographic area. In another optional implementation, the Intranet firewall distributing equipment can select, as the first Intranet firewall, the Intranet firewall that has the smallest network delay to the mobile wireless access equipment when the mobile wireless access equipment is in the resident geographic area. The network delay between each Intranet firewall of the target Intranet and the mobile wireless access equipment, when the mobile wireless access equipment is in the resident geographic area, can be approximately estimated from the network delay observed when other mobile wireless access equipment with identical performance in every respect is in the resident geographic area and connected to the Intranet firewalls of the target Intranet. It can also be approximately estimated from the information transmission medium between the resident geographic area and each Intranet firewall of the target Intranet and the length of that medium.
S204, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment.
Optionally, before step S204, the mobile wireless access equipment sends the equipment identity information of the mobile wireless access equipment and/or the terminal identity information of the user terminal to the Intranet firewall distributing equipment. In step S204, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment after the authentication of the mobile wireless access equipment according to the equipment identity information passes, and/or after the authentication of the user terminal according to the terminal identity information passes. The equipment identity information of the mobile wireless access equipment can be the access device identification code of the mobile wireless access equipment, a digital certificate, an access device user name and access device password input by the user and received by the mobile wireless access equipment, biometric information for authentication input by the user and received by the mobile wireless access equipment, and so on. The terminal identity information can be the terminal device identifier of the user terminal, a digital certificate, a terminal user name and terminal password input by the user and received by the user terminal, biometric information for authentication input by the user and received by the user terminal, and so on. Authenticating the mobile wireless access equipment before the Intranet firewall distributing equipment sends the first IP address to the mobile wireless access equipment can further ensure the security of resources in the target Intranet.
S205, the mobile wireless access equipment establishes a connection with the first Intranet firewall according to the first IP address.
Specifically, the mobile wireless access equipment sends a firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes the connection with the mobile wireless access equipment after the authentication of the mobile wireless access equipment according to the firewall connection request passes.
In one implementation, the firewall connection request carries the access device identification code of the mobile wireless access equipment, such as a MAC address. When the first Intranet firewall determines that the access device identification code is one of the preset device identification codes allowed to connect, it determines that the authentication of the mobile wireless access equipment passes.
In another implementation, the firewall connection request carries the user name and password input by the user through the mobile wireless access equipment. When the first Intranet firewall determines that the user name and password are one of the preset groups of user names and passwords allowed to connect, it determines that the authentication of the mobile wireless access equipment passes.
In another implementation, the firewall connection request carries the digital certificate of the mobile wireless access equipment. The first Intranet firewall determines the certificate publisher of the access device digital certificate according to the publisher information carried in the access device digital certificate. After the first Intranet firewall obtains the publisher digital certificate of the certificate publisher, it takes the publisher public key included in the publisher digital certificate and uses the publisher public key to decrypt the digital signature in the access device digital certificate, obtaining the certificate fingerprint of the access device digital certificate. The first Intranet firewall also performs a hash calculation on the access device digital certificate using the specified hash algorithm to obtain a digital certificate hash value. When the first Intranet firewall determines that the digital certificate hash value it calculated is consistent with the access device certificate fingerprint, it determines that the authentication of the mobile wireless access equipment passes.
Specifically, the mobile wireless access equipment initiates a three-way handshake to establish a connection based on the TCP/IP protocol with the first Intranet firewall. The specific steps are as follows: the mobile wireless access equipment sends a SYN (Synchronize Sequence Numbers) data packet to the first Intranet firewall; after the first Intranet firewall receives the SYN data packet, it sends a SYN+ACK (ACKnowledge Character, acknowledgement character) data packet to the mobile wireless access equipment; after the mobile wireless access equipment receives the SYN+ACK data packet, it feeds back an ACK data packet to the first Intranet firewall; after the first Intranet firewall receives the ACK data packet fed back by the mobile wireless access equipment, the establishment of the connection between the mobile wireless access equipment and the first Intranet firewall is complete.
S206, the user terminal sends an Intranet access request for the target Intranet to the mobile wireless access equipment.
Specifically, before step S206 the user terminal can send a wireless network connection request to the mobile wireless access equipment. The mobile wireless access equipment can establish a connection with the user terminal directly, or it can establish the connection with the user terminal after the user terminal identity information carried in the wireless network connection request is verified. The user terminal identity information can be the user name and password, input by the user and received by the user terminal, for accessing the wireless network established by the mobile wireless access equipment; it can also be biometric information input by the user and received by the user terminal, or the terminal device identification information of the user terminal.
It can be understood that, after the mobile wireless access equipment and the user terminal establish a connection, step S206 can be executed at any time before step S207.
S207, the mobile wireless access equipment sends the Intranet access request to the first Intranet firewall.
Specifically, the Intranet access request is an access request for a server in the target Intranet, such as an access request for a Web server in the target Intranet, an access request for an FTP server in the target Intranet, an access request for a mail server in the target Intranet, and so on.
S208, the first Intranet firewall routes the Intranet access request to the intranet server of the target Intranet.
Specifically, after the first Intranet firewall receives the Intranet access request sent by the mobile wireless access equipment, it sends the Intranet access request to the router of the target Intranet over the external network, and the router of the target Intranet routes the Intranet access request through the target Intranet to the corresponding intranet server in the target Intranet.
S209, the intranet server returns to the first Intranet firewall an Intranet request response that responds to the Intranet access request.
Specifically, after the intranet server generates the Intranet request response in response to the Intranet access request, it sends the Intranet request response through the target Intranet to the router of the target Intranet, and the router of the target Intranet sends the Intranet request response to the first Intranet firewall over the external network. For example, if the Intranet access request is a request for a certain file on a file server in the target Intranet, the Intranet request response can be that file as sent by the file server.
S210, the first Intranet firewall sends the Intranet request response to the mobile wireless access equipment.
S211, the mobile wireless access equipment sends the Intranet request response to the user terminal.
Optionally, when the mobile wireless access equipment has multiple resident geographic areas, the mobile wireless access equipment can, after establishing the connection with the first Intranet firewall, obtain its own real-time geographical location in real time and monitor, according to that real-time geographical location, whether it switches between the multiple resident geographic areas. If the mobile wireless access equipment determines that it has switched between its multiple resident geographic areas, it sends a firewall switching request carrying the real-time geographical location to the Intranet firewall distributing equipment. After the Intranet firewall distributing equipment verifies the real-time geographical location of the mobile wireless access equipment, it determines, according to the preset corresponding relationship between the resident geographic area after the switch and a second Intranet firewall of the target Intranet, the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment after it switches resident geographic area. When the Intranet firewall distributing equipment determines that the first Intranet firewall and the second Intranet firewall are not the same, it sends the second IP address of the second Intranet firewall to the mobile wireless access equipment. After the mobile wireless access equipment establishes a connection with the second Intranet firewall according to the second IP address, it disconnects the connection with the first Intranet firewall.
Here, for the corresponding relationship between the resident geographic area after the switch and the second Intranet firewall, refer to the establishment, in step S203, of the corresponding relationship between the resident geographic area before the switch and the first Intranet firewall; it is not repeated here.
The mobile wireless access equipment initiates a four-way wave to disconnect the TCP/IP connection with the first Intranet firewall. The specific steps are as follows: the mobile wireless access equipment sends a FIN (Finish Character, termination character) data packet to the first Intranet firewall; after the first Intranet firewall receives the FIN data packet, it sends an ACK data packet to the mobile wireless access equipment; the first Intranet firewall sends a FIN data packet to the mobile wireless access equipment; after the mobile wireless access equipment receives the FIN data packet, it sends an ACK data packet to the first Intranet firewall; after the first Intranet firewall distributing equipment receives the ACK data packet, the disconnection of the connection between the mobile wireless access equipment and the first Intranet firewall is complete.
In the embodiment of the present invention, when the Intranet firewall distributing equipment receives the Intranet connection request of the mobile wireless access equipment for the target Intranet, it determines the resident geographic area in which the mobile wireless access equipment is located according to the positioning reference information carried in the Intranet connection request, and allocates the first Intranet firewall to the mobile wireless access equipment according to the preset corresponding relationship between the resident geographic area and the first Intranet firewall, so that after the mobile wireless access equipment and the first Intranet firewall establish a connection, the user terminal connected to the mobile wireless access equipment is provided with the service of accessing the intranet server in the target Intranet. With this embodiment, the user does not need to configure any parameter before accessing the target Intranet, which improves the access efficiency for the target Intranet. At the same time, when the Intranet firewall distributing equipment determines that the mobile wireless access equipment is within the resident geographic area preset for the mobile wireless access equipment, it recommends to the mobile wireless access equipment the Intranet firewall of the target Intranet to connect to; if the mobile wireless access equipment is not in the resident geographic area, its connection to the target Intranet can be restricted according to geographical location, which improves the security of resources in the target Intranet.
Referring to Fig. 3, Fig. 3 is a system interaction schematic diagram of another Intranet access method provided in an embodiment of the present invention. As shown in the figure, the Intranet access method may include:
S301, the mobile wireless access equipment sends an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment.
S302, the Intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment carried in the Intranet connection request, the first resident geographic area in which the mobile wireless access equipment is located.
Specifically, before step S302, the Intranet firewall distributing equipment has obtained multiple resident geographic areas of the mobile wireless access equipment, and the first resident geographic area is one of them. In step S302, the geographical location of the mobile wireless access equipment is determined according to the positioning reference information of the mobile wireless access equipment, such as an IP address or GPS data, and it is determined according to the geographical location that, among the multiple resident geographic areas corresponding to the mobile wireless access equipment, the mobile wireless access equipment is in the first resident geographic area.
S303, the Intranet firewall distributing equipment determines, according to the preset corresponding relationship between the first resident geographic area and the first Intranet firewall, the first Intranet firewall as the Intranet firewall matched to the mobile wireless access equipment.
Specifically, the mobile wireless access equipment has multiple resident geographic areas. Before step S303, the Intranet firewall distributing equipment matches each resident geographic area to a corresponding Intranet firewall of the target Intranet and establishes the corresponding relationship between each resident geographic area and its matched Intranet firewall. In one implementation, the Intranet firewall corresponding to each resident geographic area is the Intranet firewall at the smallest distance from the mobile wireless access equipment when the mobile wireless access equipment is in that resident geographic area; in another implementation, the Intranet firewall corresponding to each resident geographic area is the Intranet firewall with the smallest network delay to the mobile wireless access equipment when the mobile wireless access equipment is in that resident geographic area. The corresponding relationships between each resident geographic area and its matched Intranet firewall include the corresponding relationship between the first resident geographic area and the first Intranet firewall, and the preset corresponding relationship, described in step S311, between the resident geographic area after the mobile wireless access equipment switches and the second Intranet firewall of the target Intranet.
In step S303, the Intranet firewall distributing equipment obtains, from the corresponding relationships between the multiple resident geographic areas of the mobile wireless access equipment and their matched Intranet firewalls, the Intranet firewall corresponding to the first resident geographic area, that is, the first Intranet firewall.
S304, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment.
S305, the mobile wireless access equipment establishes a connection with the first Intranet firewall according to the first IP address.
S306, the Intranet firewall distributing equipment periodically obtains the real-time geographical location of the mobile wireless access equipment.
Here, the real-time geographical location of the mobile wireless access equipment can be obtained by the Intranet firewall distributing equipment through location technology. If the real-time geographical location is instead sent to the Intranet firewall distributing equipment by the mobile wireless access equipment, then, to guarantee that the target Intranet is connected to through the mobile wireless access equipment only within the resident geographic areas of the mobile wireless access equipment, and thereby guarantee the security of resources in the target Intranet, the Intranet firewall distributing equipment needs to verify the received real-time geographical location by location technology before executing step S307.
S307, the Intranet firewall judge whether the mobile wireless access equipment is located according to the real-time geographical locations
In in the preset multiple resident geographic areas of the mobile wireless access equipment.
If judging result is no in step S307, step S308 is executed, if the determination result is YES, executes step S309.
S308, the Intranet firewall distributing equipment sends to the first Intranet firewall a disconnection instruction for the mobile wireless access equipment.
S309, the first Intranet firewall disconnects the connection with the mobile wireless access equipment according to the disconnection instruction.
Specifically, before step S309 a connection based on TCP/IP has been established between the first Intranet firewall and the mobile wireless access equipment. In step S309, the first Intranet firewall initiates a four-way wave according to the disconnection instruction to disconnect the TCP/IP connection with the mobile wireless access equipment. For the specific implementation, refer to the step, in the embodiment corresponding to Fig. 2, in which the mobile wireless access equipment described in step S211 initiates a four-way wave to disconnect the TCP/IP connection with the first Intranet firewall; details are not repeated here.
S310, the Intranet firewall judges, according to the real-time geographical location, whether the mobile wireless access equipment has switched between the multiple resident geographic areas of the mobile wireless access equipment.
If the judging result in step S310 is no, no processing is performed; if the judging result is yes, step S311 is executed.
S311, the Intranet firewall distributing equipment determines, according to the preset corresponding relationship between the resident geographic area after the mobile wireless access equipment switches and the second Intranet firewall of the target Intranet, the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment after it switches resident geographic area.
S312, when the Intranet firewall distributing equipment determines that the first Intranet firewall and the second Intranet firewall are not the same, it sends the second IP address of the second Intranet firewall to the mobile wireless access equipment.
S313, the mobile wireless access equipment establishes a connection with the second Intranet firewall according to the second IP address, and disconnects the connection with the first Intranet firewall.
In the embodiment of the present invention, after the mobile wireless access equipment establishes a connection with the first Intranet firewall allocated by the Intranet firewall distributing equipment, the Intranet firewall distributing equipment monitors the real-time geographical location of the mobile wireless access equipment. When it determines that the mobile wireless access equipment has moved outside the resident geographic areas of the mobile wireless access equipment, it instructs the first Intranet firewall to disconnect the connection with the mobile wireless access equipment, so that the mobile wireless access equipment stops providing the service of accessing the target Intranet to the connected user terminal. This effectively controls the positions from which a user terminal can access the target Intranet and improves the security of resources in the target Intranet. At the same time, when the Intranet firewall distributing equipment determines, according to the real-time geographical location of the mobile wireless access equipment, that the mobile wireless access equipment has switched between multiple resident geographic areas, it recommends to the mobile wireless access equipment the Intranet firewall matched to the resident geographic area after the switch, so that the Intranet firewall connected to the mobile wireless access equipment is always the one nearest to the mobile wireless access equipment, or the one with the smallest network delay to the mobile wireless access equipment. This guarantees the network quality with which the user terminal accesses the target Intranet through the connection between the mobile wireless access equipment and the Intranet firewall.
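The allocation in step S203/S303 (nearest-firewall variant) and the monitoring decision in steps S306 to S312, as an added example that is not code from the patent. It assumes circular resident geographic areas, measures distance from each area's centre rather than from the device itself, and uses constructed coordinates and documentation-range IP addresses; all class and function names are hypothetical.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Area:            # a resident geographic area, modelled as a circle (assumption)
    name: str
    lat: float
    lon: float
    radius_km: float


@dataclass(frozen=True)
class Firewall:        # an Intranet firewall deployed for the target Intranet
    name: str
    ip: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def resident_area_of(areas: List[Area], lat: float, lon: float) -> Optional[Area]:
    """Return the resident geographic area containing the location, if any."""
    for area in areas:
        if haversine_km(area.lat, area.lon, lat, lon) <= area.radius_km:
            return area
    return None


def build_mapping(areas: List[Area], firewalls: List[Firewall]) -> Dict[str, Firewall]:
    """Preset correspondence: each resident area -> nearest deployed firewall."""
    return {
        a.name: min(firewalls, key=lambda f: haversine_km(a.lat, a.lon, f.lat, f.lon))
        for a in areas
    }


def allocate(areas, mapping, lat, lon) -> Optional[Firewall]:
    """Initial allocation: no firewall is handed out outside every resident area."""
    area = resident_area_of(areas, lat, lon)
    return mapping[area.name] if area else None


def monitor_step(areas, mapping, current: Firewall, lat, lon) -> Tuple[str, str]:
    """Decide what to do with an already verified real-time location."""
    area = resident_area_of(areas, lat, lon)
    if area is None:
        # Outside all resident areas: instruct the current firewall to disconnect.
        return ("disconnect", current.ip)
    target = mapping[area.name]
    if target.ip != current.ip:
        # Switched resident area and the matched firewall differs: send the new IP.
        return ("switch", target.ip)
    return ("keep", current.ip)


# Constructed sample deployment (coordinates and addresses are illustrative).
AREAS = [Area("area-1", 39.90, 116.40, 20.0), Area("area-2", 31.23, 121.47, 20.0)]
FW_NORTH = Firewall("fw-north", "192.0.2.10", 39.95, 116.30)
FW_EAST = Firewall("fw-east", "198.51.100.10", 31.20, 121.50)
MAPPING = build_mapping(AREAS, [FW_NORTH, FW_EAST])

if __name__ == "__main__":
    for lat, lon in [(39.91, 116.41), (31.22, 121.48), (22.50, 114.00)]:
        print((lat, lon), monitor_step(AREAS, MAPPING, FW_NORTH, lat, lon))
```

`monitor_step` expects a location that the distributing equipment has already verified; a self-reported position passed in unchecked would let the device choose its own outcome.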
Referring to Fig. 4, Fig. 4 is a structural schematic diagram of a mobile wireless access equipment provided in an embodiment of the present invention. As shown in the figure, the mobile wireless access equipment 40 may at least include a request transmitting unit 401, a connection establishment unit 402 and a message transmission unit 403, in which:
The request transmitting unit 401 is used to send an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located. The Intranet firewall distributing equipment also determines, according to the preset corresponding relationship between the resident geographic area of the mobile wireless access equipment and the first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment.
The connection establishment unit 402 is used to receive the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment, and to send a first firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request.
The message transmission unit 403 is used to route the Intranet access request to the intranet server of the target Intranet through the first Intranet firewall after receiving the Intranet access request for the target Intranet sent by the user terminal.
The message transmission unit 403 is also used to send the Intranet request response to the user terminal after receiving the Intranet request response that the intranet server returns through the first Intranet firewall in response to the Intranet access request.
In a specific implementation, the mobile wireless access equipment can, through its built-in functional modules, execute each step executed by the mobile wireless access equipment in the Intranet access methods of Fig. 2 to Fig. 3. For specific implementation details, see the implementation details of each step in the embodiments corresponding to Fig. 2 to Fig. 3; details are not repeated here.
In the embodiment of the present invention, after the request transmitting unit sends the Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, the Intranet firewall distributing equipment determines the resident geographic area in which the mobile wireless access equipment is located according to the positioning reference information carried in the Intranet connection request, and, according to the preset corresponding relationship between the resident geographic area and the first Intranet firewall, sends the first IP address of the first Intranet firewall to the connection establishment unit. After the connection establishment unit establishes a connection with the first Intranet firewall according to the first IP address, the message transmission unit provides the user terminal connected to the mobile wireless access equipment with the service of accessing the intranet server in the target Intranet. With this embodiment, the user does not need to configure any parameter before accessing the target Intranet, which improves the access efficiency for the target Intranet. When the Intranet firewall distributing equipment determines that the mobile wireless access equipment is within the resident geographic area preset for the mobile wireless access equipment, the firewall determination unit recommends to the mobile wireless access equipment the Intranet firewall of the target Intranet to connect to; if the mobile wireless access equipment is not in the resident geographic area, its connection to the target Intranet can be restricted according to geographical location, which improves the security of resources in the target Intranet.
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of another mobile wireless access equipment provided in an embodiment of the present invention. As shown in the figure, the mobile wireless access equipment 50 includes a processor 501, a memory 502 and a communication interface 503. The processor 501 is connected to the memory 502 and the communication interface 503; for example, the processor 501 can be connected to the memory 502 and the communication interface 503 by a bus.
The processor 501 is configured to support the mobile wireless access equipment in executing the functions corresponding to the mobile wireless access equipment in the Intranet access methods described in Fig. 2 to Fig. 3. The processor 501 can be a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), a hardware chip or any combination thereof. The hardware chip can be an application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC), a programmable logic device (Programmable Logic Device, PLD) or a combination thereof. The PLD can be a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field-programmable gate array (Field-Programmable Gate Array, FPGA), generic array logic (Generic Array Logic, GAL) or any combination thereof.
The memory 502 is used to store program code and the like. The memory 502 includes internal memory, which may include at least one of the following: volatile memory (such as dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM), etc.) and non-volatile memory (such as one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM)). The memory 502 can also include external memory, which may include at least one of the following: a hard disk (Hard Disk Drive, HDD) or solid-state drive (Solid-State Drive, SSD), or a flash drive, for example compact flash (CF), secure digital (SD), micro SD, mini SD, extreme digital (xD), memory stick, etc.
The communication interface 503 is used to receive or send data.
The processor 501 can call the program code to execute the following operations:
sending an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located, and so that the Intranet firewall distributing equipment also determines, according to the preset corresponding relationship between the resident geographic area of the mobile wireless access equipment and the first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment;
receiving the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment, and sending a first firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
after receiving the Intranet access request for the target Intranet sent by the user terminal, routing the Intranet access request to the intranet server of the target Intranet through the first Intranet firewall;
after receiving the Intranet request response that the intranet server returns through the first Intranet firewall in response to the Intranet access request, sending the Intranet request response to the user terminal.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiments shown in Fig. 2 to Fig. 3; the processor 501 can also be used to execute other operations in the above method embodiments.
The embodiment of the present invention also provides a computer storage medium. The computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions cause a computer to execute the method described in the previous embodiments; the computer can be a part of the Intranet firewall distributing equipment or the mobile wireless access equipment mentioned above.
Those of ordinary skill in the art will appreciate that all or part of the processes in the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, read-only memory (ROM), random access memory (RAM), etc.
The above disclosure is only the preferred embodiments of the present invention and certainly cannot be used to limit the scope of rights of the present invention; therefore, equivalent changes made in accordance with the claims of the present invention still fall within the scope of the present invention.
Claims (10)
1. An Intranet access method, characterized by comprising:
The Intranet firewall distributing equipment receives an Intranet connection request for a target Intranet sent by a mobile wireless access equipment, the Intranet connection request carrying the positioning reference information of the mobile wireless access equipment;
The Intranet firewall distributing equipment determines, according to the positioning reference information, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located;
The Intranet firewall distributing equipment determines, according to the preset correspondence between the resident geographic area and a first Intranet firewall, the first Intranet firewall as the Intranet firewall matched to the mobile wireless access equipment, wherein the first Intranet firewall is one of the multiple Intranet firewalls deployed for the target Intranet;
The Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment, so that after the mobile wireless access equipment establishes a connection with the first Intranet firewall according to the first IP address, the first Intranet firewall routes the Intranet access request of a user terminal for the target Intranet, sent by the mobile wireless access equipment, to the intranet server of the target Intranet, and the first Intranet firewall sends the Intranet request response, returned by the intranet server in response to the Intranet access request, to the user terminal through the mobile wireless access equipment.
2. The method as claimed in claim 1, characterized in that the method further comprises:
The Intranet firewall distributing equipment obtains the resident geographic area of the mobile wireless access equipment;
The Intranet firewall distributing equipment determines, from the multiple Intranet firewalls deployed for the target Intranet, the first Intranet firewall corresponding to the resident geographic area, and establishes the correspondence between the resident geographic area and the first Intranet firewall, wherein the first Intranet firewall is, in the case where the mobile wireless access equipment is in the resident geographic area, the Intranet firewall nearest to the mobile wireless access equipment among the multiple Intranet firewalls deployed for the target Intranet, or, in the case where the mobile wireless access equipment is in the resident geographic area, the Intranet firewall with the smallest network delay to the mobile wireless access equipment among the multiple Intranet firewalls deployed for the target Intranet.
3. The method as claimed in claim 1, characterized in that the method further comprises:
The Intranet firewall distributing equipment periodically obtains the real-time geographic location of the mobile wireless access equipment;
The Intranet firewall distributing equipment, when determining according to the real-time geographic location of the mobile wireless access equipment that the mobile wireless access equipment has moved outside the resident geographic area, sends to the first Intranet firewall a disconnect instruction for the mobile wireless access equipment, so that the first Intranet firewall disconnects its connection with the mobile wireless access equipment according to the disconnect instruction.
4. The method as claimed in claim 1, characterized in that, before the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment, the method further comprises:
The Intranet firewall distributing equipment obtains the equipment identity information of the mobile wireless access equipment and/or the terminal identity information of the user terminal connected to the mobile wireless access equipment;
The Intranet firewall distributing equipment sending the first IP address of the first Intranet firewall to the mobile wireless access equipment comprises:
The Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment after the authentication of the mobile wireless access equipment according to the equipment identity information passes, and/or after the authentication of the user terminal connected to the mobile wireless access equipment according to the terminal identity information passes.
5. The method as claimed in claim 1, characterized in that the mobile wireless access equipment has multiple resident geographic areas;
The method further comprises:
The Intranet firewall distributing equipment periodically obtains the real-time geographic location of the mobile wireless access equipment;
The Intranet firewall distributing equipment, when determining according to the real-time geographic location that the mobile wireless access equipment has switched between its multiple resident geographic areas, determines, according to the preset correspondence between the resident geographic area after the switch and a second Intranet firewall of the target Intranet, the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, matched to the mobile wireless access equipment after it switches resident geographic areas;
The Intranet firewall distributing equipment, when determining that the first Intranet firewall and the second Intranet firewall are not the same, sends the second IP address of the second Intranet firewall to the mobile wireless access equipment, so that the mobile wireless access equipment establishes a connection with the second Intranet firewall according to the second IP address and disconnects its connection with the first Intranet firewall.
6. An Intranet access method, characterized in that the method comprises:
A mobile wireless access equipment sends an Intranet connection request for a target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located, and so that the Intranet firewall distributing equipment determines, according to the preset correspondence between the resident geographic area of the mobile wireless access equipment and a first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall that matches the mobile wireless access equipment among the multiple Intranet firewalls deployed for the target Intranet;
The mobile wireless access equipment receives the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment, and sends a first firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
The mobile wireless access equipment, after receiving an Intranet access request for the target Intranet sent by a user terminal, routes the Intranet access request to the intranet server of the target Intranet through the first Intranet firewall;
The mobile wireless access equipment, after receiving the Intranet request response that the intranet server returns through the first Intranet firewall in response to the Intranet access request, sends the Intranet request response to the user terminal.
7. The method as claimed in claim 6, characterized in that the mobile wireless access equipment has multiple resident geographic areas;
The method further comprises:
The mobile wireless access equipment obtains the real-time geographic location of the mobile wireless access equipment;
The mobile wireless access equipment, when determining according to the real-time geographic location that it has switched between its multiple resident geographic areas, sends to the Intranet firewall distributing equipment a firewall switching request carrying the real-time geographic location, so that the Intranet firewall distributing equipment, after the verification of the real-time geographic location of the mobile wireless access equipment passes, determines, according to the preset correspondence between the resident geographic area after the switch and a second Intranet firewall of the target Intranet, the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, matched to the mobile wireless access equipment after it switches resident geographic areas, and so that the Intranet firewall distributing equipment, when determining that the first Intranet firewall and the second Intranet firewall are not the same, sends the second IP address of the second Intranet firewall to the mobile wireless access equipment;
The mobile wireless access equipment sends a second firewall connection request to the second Intranet firewall according to the second IP address, so that the second Intranet firewall establishes a connection with the mobile wireless access equipment according to the second firewall connection request;
The mobile wireless access equipment disconnects its connection with the first Intranet firewall.
8. A mobile wireless access equipment, characterized by comprising:
A request transmitting unit, for sending an Intranet connection request for a target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located, and so that the Intranet firewall distributing equipment determines, according to the preset correspondence between the resident geographic area of the mobile wireless access equipment and a first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall that matches the mobile wireless access equipment among the multiple Intranet firewalls deployed for the target Intranet;
A connection establishment unit, for receiving the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment, and sending a first firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
A message transmission unit, for routing, after receiving an Intranet access request for the target Intranet sent by a user terminal, the Intranet access request to the intranet server of the target Intranet through the first Intranet firewall;
The message transmission unit is also used for sending, after receiving the Intranet request response that the intranet server returns through the first Intranet firewall in response to the Intranet access request, the Intranet request response to the user terminal.
9. A mobile wireless access equipment, characterized by comprising a processor, a memory and a communication interface, the processor, memory and communication interface being connected to each other, wherein the communication interface is used for sending and receiving data, the memory is used for storing program code, and the processor is used for calling said program code to execute the method as claimed in any one of claims 6-7.
10. A computer storage medium, characterized in that the computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the method as claimed in any one of claims 1-7.
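The distributing-equipment logic of claims 1 and 3-5, sketched as an added example that is not code from the patent. It assumes the positioning reference information is a latitude/longitude pair, resident geographic areas are bounding boxes, and the identity check of claim 4 is an HMAC tag over the request; refusing a device that is outside every resident area is this sketch's choice, and all names, keys and IP addresses are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Region:
    """A resident geographic area, modelled as a bounding box (assumption)."""
    name: str
    lat_min: float
    lat_max: float
    lon_min: float
    lon_max: float

    def contains(self, lat, lon):
        return (self.lat_min <= lat <= self.lat_max
                and self.lon_min <= lon <= self.lon_max)


def tag(key, device_id, lat, lon):
    """Identity proof binding the device to the location it reports (assumed scheme)."""
    msg = f"{device_id}|{lat:.5f}|{lon:.5f}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class Distributor:
    resident: dict    # device_id -> list of Region (its resident areas)
    region_fw: dict   # region name -> firewall IP (the preset correspondence)
    keys: dict        # device_id -> HMAC key used for authentication
    assigned: dict = field(default_factory=dict)  # device_id -> current firewall IP

    def _region(self, device_id, lat, lon):
        for region in self.resident.get(device_id, []):
            if region.contains(lat, lon):
                return region
        return None

    def connect(self, device_id, lat, lon, mac):
        """Claims 1 and 4: authenticate first, then hand out the matched firewall IP."""
        key = self.keys.get(device_id)
        if key is None or not hmac.compare_digest(tag(key, device_id, lat, lon), mac):
            return ("deny", "authentication failed")
        region = self._region(device_id, lat, lon)
        if region is None:
            return ("deny", "outside resident regions")
        ip = self.region_fw[region.name]
        self.assigned[device_id] = ip
        return ("connect", ip)

    def location_update(self, device_id, lat, lon):
        """Claims 3 and 5: act on the periodically obtained real-time location."""
        current = self.assigned.get(device_id)
        if current is None:
            return ("noop", None)
        region = self._region(device_id, lat, lon)
        if region is None:
            del self.assigned[device_id]
            return ("disconnect", current)  # instruction goes to the current firewall
        new_ip = self.region_fw[region.name]
        if new_ip == current:
            return ("keep", current)
        self.assigned[device_id] = new_ip
        return ("switch", new_ip)           # second IP address sent to the device


# Constructed sample data: one device with two resident areas.
KEY = b"constructed-demo-key"
HQ = Region("hq", 22.50, 22.60, 113.90, 114.10)
BRANCH = Region("branch", 31.10, 31.30, 121.40, 121.60)


def build():
    return Distributor(
        resident={"ap-01": [HQ, BRANCH]},
        region_fw={"hq": "192.0.2.10", "branch": "198.51.100.20"},
        keys={"ap-01": KEY},
    )
```

The order inside `connect` matters: no firewall address is disclosed until both the identity check and the area check have passed, so a failed request learns nothing about where the Intranet firewalls are.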
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910503580.9A CN110266674B (en) | 2019-06-10 | 2019-06-10 | Intranet access method and related device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110266674A (en) | 2019-09-20 |
CN110266674B (en) | 2022-08-16 |
Family
ID=67917687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910503580.9A Active CN110266674B (en) | 2019-06-10 | 2019-06-10 | Intranet access method and related device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110266674B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004318663A (en) * | 2003-04-18 | 2004-11-11 | Shimizu Corp | Network management operation system |
KR20070038618A (en) * | 2005-10-06 | 2007-04-11 | 주식회사 케이티프리텔 | Method and system for providing virtual private network services based on mobile communication and mobile terminal for the same |
CN101635759A (en) * | 2009-08-26 | 2010-01-27 | 深圳华为通信技术有限公司 | Method and device for realizing mobile terminal firewall |
CN101980486A (en) * | 2010-10-12 | 2011-02-23 | 北京星网锐捷网络技术有限公司 | Address library data updating method and network equipment |
CN103095778A (en) * | 2011-11-07 | 2013-05-08 | 北京知道创宇信息技术有限公司 | Web application firewall and web application safety protection method |
CN105101433A (en) * | 2015-07-02 | 2015-11-25 | 深圳平安通信科技有限公司 | Control server, hotspot resource sharing control method and system |
US20160241596A1 (en) * | 2015-02-16 | 2016-08-18 | International Business Machines Corporation | Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly |
CN106772525A (en) * | 2016-12-30 | 2017-05-31 | 维坤智能科技(上海)有限公司 | A kind of personnel positioning networking structure based on GPRS mobile terminals |
CN108989352A (en) * | 2018-09-03 | 2018-12-11 | 平安科技(深圳)有限公司 | Method of realizing fireproof wall, device, computer equipment and storage medium |
Non-Patent Citations (1)
Title |
---|
谈华: "硬件防火墙在网络安全中的应用", 《电脑知识与技术(学术交流)》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112822146A (en) * | 2019-11-18 | 2021-05-18 | 中国电信股份有限公司 | Network connection monitoring method, device, system and computer readable storage medium |
WO2023130821A1 (en) * | 2022-01-05 | 2023-07-13 | 西安西电捷通无线网络通信股份有限公司 | Network access method and apparatus |
CN115086422A (en) * | 2022-06-29 | 2022-09-20 | 北京金山云网络技术有限公司 | Server access method, device, storage medium and electronic equipment |
CN115086422B (en) * | 2022-06-29 | 2024-04-26 | 北京金山云网络技术有限公司 | Server access method, device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110266674B (en) | 2022-08-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||